A failed dot-com that is majority-controlled by Disney has become the first online company charged with violating new federal laws protecting children's privacy online.

The Federal Trade Commission said today that Toysmart.com violated the Children's Online Privacy Protection Act of 1998 (COPPA) by collecting personal information from children without their parents' consent.

The FTC also announced today that it reached an agreement with Toysmart about earlier charges that the company was trying to sell confidential customer information.

It was in investigating the earlier case that the commission discovered the COPPA violation. The FTC said in a statement that it will amend the complaint it filed in U.S. District Court in Boston to include the new charges against Toysmart.

Disney issued a statement saying that it was "pleased" with the
agreement. The company declined to comment on the charges against Toysmart.

The COPPA laws went into effect April 21, almost exactly a month before Toysmart ceased operations.

Under the agreement, Toysmart must withdraw the customer information as a separate item on its list of assets. The list may only be sold if it is packaged with the entire Web site. In addition, the company must find a suitable buyer or "an entity that is in a related market" and one that agrees to be "Toysmart's successor-in-interest" to the customer information.

The company that buys the information must agree to abide by Toysmart's original privacy agreement, which promised never to sell or share customer information with a third party.

If the bankruptcy court judge handling the case does not approve of the terms of the settlement, Toysmart agrees to delete or destroy all customer information.

The five-person FTC commission voted 3-2 to approve the terms of the agreement, with the two dissenters--Sheila F. Anthony and Orson Swindle--concerned that it didn't go far enough to protect consumers.

"In my view, such a sale should not be permitted because 'never' really means 'never,'" Swindle said, referring to Toysmart's privacy statement.

A storm of controversy rained on Toysmart after CNET News.com reported in June that it had placed customers' personal information up for auction. The FTC filed a complaint charging Toysmart with violating Section 5 of the FTC act, which prohibits unfair or deceptive acts.

Since then, several government agencies have sought to bar the sale. Just today, 39 states filed an objection in federal court to Toysmart selling its customer information. Rep. Spencer Bachus, R-Ala., announced plans earlier this month to introduce legislation that would make it illegal for companies to sell customer information during a bankruptcy.

CNET News.com also reported that British fashion site Boo.com had sold its customer information to Fashionmall.com after closing down in May. CMGI-backed Craftshop.com filed for Chapter 11 bankruptcy in May and had, like Toysmart, included customer information among its list of assets.

An FTC representative declined to say whether the agency would take action against Boo.com or Craftshop. But it may not have trouble with Craftshop.

Angus Mackey, Craftshop's former chief executive, said today that the company had reviewed the legal issues and reversed its decision to sell customer information.

"The list will be retired in keeping with our posted privacy agreement," Mackey said.

About the author

Greg Sandoval covers media and digital entertainment for CNET News. Based in New York, Sandoval is a former reporter for The Washington Post and the Los Angeles Times. E-mail Greg, or follow him on Twitter at @sandoCNET.
See full bio